1. Field of the Invention
This invention pertains in general to computer security and in particular to the detection of misuse of trusted seals by websites.
2. Description of the Related Art
Modern Internet users face a wide variety of threats. For example, innocent-looking websites can surreptitiously phish confidential information. Other websites can distribute malicious software (malware) such as computer viruses, worms, Trojan horse programs, spyware, adware, and crimeware. Some websites are not necessarily malicious, but use poor security protocols or take other actions that unreasonably expose users to Internet-based threats.
In order to help users distinguish safe and unsafe websites, known trusted parties issue security seals to websites that are certified as using appropriate security procedures. Two such trusted issuers are VERISIGN AUTHENTICATION SERVICES and THAWTE, both owned by Symantec Corp. After being certified, a website can display the trusted seal. The seal assures visitors that the website is trustworthy and can boost user confidence in the services provided by the website.
Because the trusted seals are displayed as images, some unethical websites misuse trusted seals by copying and displaying unauthorized seals. A website might also subtly alter the seal to avoid detection by the seal-issuing party. This misuse amounts to a false representation that a website displaying the seal is trustworthy, when in fact the website has not been certified by the seal issuer. As a result, a user can be misled into interacting with an untrustworthy website.